This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG API Powershell Module - sophosxg-api

JamesPDavis over 4 years ago

Hi All,

As a professional development and learning exercise I wrote this powershell module.

I do not claim it to be free from errors/bugs and is for learning and testing. Use at your own risk.

I thought it may be of some value to others out there.

https://github.com/strooth/SophosXg-Api

This thread was automatically locked due to age.

Parents

0 LuCar Toni over 4 years ago

Could you give us / me some insights, what you API actually can perform?

You are settings some values to configure a XG, correct?

If you want to get some "clicks clicks clicks", build Certbot + DNAT + Lets Encrypt Upload + Replacement Script.

Seems like you know, what you are doing, and this is highly asked by some people.

The script should perform something like:

Enable a specific DNAT Rule every 2 Month. (Port80 to the powershell server?).

Start Certbot to generate new LE certificates.

Disable DNAT Rule.

Upload new LE Certificate to XG

Replace in Webadmin the LE Certificate

Check in Firewall Rule for WAF Rules, replace if yes, replace the Certificate

(Clean up old LE certificate).

As a little help: https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/102208/upload-certificate-using-api

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 JamesPDavis over 4 years ago in reply to LuCar Toni

Wrote this last weekend after reading your suggestion and looking at what others had written just haven't got around to including it into the module.

You should be able to figure out the acme renewal etc yourself and use this to do the upload.

function Invoke-MultipartFormRequest

{

  [CmdletBinding()]

  param (

    [Parameter(ParameterSetName = '0', Mandatory = $true, ValueFromPipeline = $true, Position = 0)]

    [string]$FilePath,

    [Parameter(ParameterSetName = '0', Mandatory = $true, ValueFromPipeline = $true, Position = 0)]

    [string]$uri,

    [Parameter(ParameterSetName = '0', Mandatory = $true, ValueFromPipeline = $true, Position = 0)]

    [string]$request

  )

  begin

  {

    #add classes

    Add-Type -AssemblyName System.Web

    Add-Type -AssemblyName System.Net.Http

    #create http client

    $httpClientHandler = New-Object System.Net.Http.HttpClientHandler

    $httpClient = New-Object System.Net.Http.Httpclient $httpClientHandler

    #Create File upload

    $ContentType = "application/octet-stream"

    $file = Get-Item -Path $FilePath

    $contentDispositionHeaderValue = New-Object System.Net.Http.Headers.ContentDispositionHeaderValue "form-data"

    $contentDispositionHeaderValue.Name = "`"$((Get-Item $File).Basename)`""

    $contentDispositionHeaderValue.FileName = "`"$((Get-Item $File).Name)`""

    $HeaderContentType = New-Object System.Net.Http.Headers.MediaTypeHeaderValue $ContentType

    $packageFileStream = New-Object System.IO.FileStream @($File, [System.IO.FileMode]::Open)

    $streamContent = New-Object System.Net.Http.StreamContent $packageFileStream

    $streamContent.Headers.ContentDisposition = $contentDispositionHeaderValue

    $streamContent.Headers.ContentType = $HeaderContentType

    #create req part

    $messageDispositionValue = New-Object System.Net.Http.Headers.ContentDispositionHeaderValue "form-data"

    $messageDispositionValue.Name = "reqxml"

    $messageContent = New-Object System.Net.Http.StringContent $request

    $messageContent.Headers.ContentDisposition = $messageDispositionValue

    $ContentType = "application/xml; charset=utf-8"

    $messageContent.Headers.ContentType = $ContentType

    #create content to send

    $content = New-Object System.Net.Http.MultipartFormDataContent

    $content.Add($messageContent)

    $content.Add($streamContent)

    if ($uri.Substring($uri.Length - 1) -ne '?') { $uri = $uri + '?' }

  }

  process

  {

    try

    {

      $response = $httpClient.PostAsync($uri, $content).Result

    }

    catch

    {

      $PSCmdlet.ThrowTerminatingError($error[0])

    }

    finally

    {

      $content.Dispose()

      $messageContent.Dispose()

      $streamContent.Dispose()

      $packageFileStream.Close()

      $packageFileStream.Dispose()

      $httpClient.CancelPendingRequests()

      $httpClient.Dispose()

      $httpClientHandler.Dispose()

    }

  }

  end

  {

    return $response

  }

}
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 JamesPDavis over 4 years ago in reply to LuCar Toni

Wrote this last weekend after reading your suggestion and looking at what others had written just haven't got around to including it into the module.

You should be able to figure out the acme renewal etc yourself and use this to do the upload.

function Invoke-MultipartFormRequest

{

  [CmdletBinding()]

  param (

    [Parameter(ParameterSetName = '0', Mandatory = $true, ValueFromPipeline = $true, Position = 0)]

    [string]$FilePath,

    [Parameter(ParameterSetName = '0', Mandatory = $true, ValueFromPipeline = $true, Position = 0)]

    [string]$uri,

    [Parameter(ParameterSetName = '0', Mandatory = $true, ValueFromPipeline = $true, Position = 0)]

    [string]$request

  )

  begin

  {

    #add classes

    Add-Type -AssemblyName System.Web

    Add-Type -AssemblyName System.Net.Http

    #create http client

    $httpClientHandler = New-Object System.Net.Http.HttpClientHandler

    $httpClient = New-Object System.Net.Http.Httpclient $httpClientHandler

    #Create File upload

    $ContentType = "application/octet-stream"

    $file = Get-Item -Path $FilePath

    $contentDispositionHeaderValue = New-Object System.Net.Http.Headers.ContentDispositionHeaderValue "form-data"

    $contentDispositionHeaderValue.Name = "`"$((Get-Item $File).Basename)`""

    $contentDispositionHeaderValue.FileName = "`"$((Get-Item $File).Name)`""

    $HeaderContentType = New-Object System.Net.Http.Headers.MediaTypeHeaderValue $ContentType

    $packageFileStream = New-Object System.IO.FileStream @($File, [System.IO.FileMode]::Open)

    $streamContent = New-Object System.Net.Http.StreamContent $packageFileStream

    $streamContent.Headers.ContentDisposition = $contentDispositionHeaderValue

    $streamContent.Headers.ContentType = $HeaderContentType

    #create req part

    $messageDispositionValue = New-Object System.Net.Http.Headers.ContentDispositionHeaderValue "form-data"

    $messageDispositionValue.Name = "reqxml"

    $messageContent = New-Object System.Net.Http.StringContent $request

    $messageContent.Headers.ContentDisposition = $messageDispositionValue

    $ContentType = "application/xml; charset=utf-8"

    $messageContent.Headers.ContentType = $ContentType

    #create content to send

    $content = New-Object System.Net.Http.MultipartFormDataContent

    $content.Add($messageContent)

    $content.Add($streamContent)

    if ($uri.Substring($uri.Length - 1) -ne '?') { $uri = $uri + '?' }

  }

  process

  {

    try

    {

      $response = $httpClient.PostAsync($uri, $content).Result

    }

    catch

    {

      $PSCmdlet.ThrowTerminatingError($error[0])

    }

    finally

    {

      $content.Dispose()

      $messageContent.Dispose()

      $streamContent.Dispose()

      $packageFileStream.Close()

      $packageFileStream.Dispose()

      $httpClient.CancelPendingRequests()

      $httpClient.Dispose()

      $httpClientHandler.Dispose()

    }

  }

  end

  {

    return $response

  }

}
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data